IRC channel logs
2023-11-15.log
<Googulator> │ If you say Y here, then Linux will refuse to enumerate
<Googulator> │ external hubs. OTG hosts are allowed to reduce hardware
<Googulator> │ and software costs by not supporting external hubs. So
<Googulator> │ are "Embedded Hosts" that don't offer OTG support.
<oriansj>what if we encourage gamification of bootstrappability via a score called the "Ken Thompson score": 0 means you are properly bootstrapped and 100 means no one knows how to bootstrap the software. Thoughts?
<oriansj>(aka the number of tools you need bootstrapped which have not already been bootstrapped)
<vagrantc>oriansj: not sure about points ... but i could see a list of properties ... maybe even some sort of larger-grained categories (e.g. silver, gold, platinum)
<vagrantc>although anything that nudges in the right direction rather than yes/no can be a good thing :)
<oriansj>exactly and just being 1 point closer than someone else could be a source of pride
<vagrantc>how do you define a point in a simple way, i guess is my question
<matrix_bridge><Andrius Štikonas> Yeah, it's all very subjective since there are many possible bootstrap paths
<matrix_bridge><Andrius Štikonas> It would be hard to do more than a list...
<oriansj>well imagine 1 build dependency that isn't bootstrapped is 1 point
<oriansj>so needing 3 libraries and 1 compiler that wasn't bootstrapped (yet) would be 4 points (unless compilers and interpreters were worth more than 1 point)
<oriansj>and we only count direct dependencies
<vagrantc>what about 1000 build dependencies, and 100 are bootstrapped?
<matrix_bridge><Andrius Štikonas> It might be a bit misleading if you look at direct deps
<matrix_bridge><Andrius Štikonas> There might be 100 deps but just 1 dependency loop
<matrix_bridge><Andrius Štikonas> So once one thing is bootstrapped, rest are too
<oriansj>well yes but that would only pump the score up not down
<vagrantc>suppose that is a helpful property of 0 :)
<Googulator>looking back at the logs, since I've just managed to get my internet connection restored (catastrophic failure of the router) - how do you count "properly bootstrapped"?
<Googulator>For example, if you bare-metal bootstrap from a USB flash drive bought at the infamous Shenzhen market, with an image prepared on an infected Windows XP PC - is that "properly bootstrapped"?
<oriansj>Googulator: well we will start simple and easy; and limit ourselves to assuming trusted hardware and grant a single 512byte (or smaller) root seed. Any operating system bootstrapped from builder-hex0 out would all have a score of 0 and Windows (until they bootstrap from one of the trusted linux builds) would have a default score of 1
<Googulator>Trusted hardware isn't the question - if the system used for preparing the image isn't trustworthy, it compromises the whole bootstrap potentially
<oriansj>true but the goal is to just look at a single program and its direct build dependencides
<Googulator>"dependencide" sounds like one of bootstrapping's goals :)
<oriansj>your root being infected doesn't count against you (as it is only 512 bytes or smaller) but any root bigger and not properly bootstrapped would
<Googulator>If we actually limit the root to 512 bytes, e.g. using a log-before-execute policy, then that's right.
<Googulator>But in the "infected host" scenario, nothing stops the host system from e.g. stashing a copy of pre-backdoored binaries at the end of the disk, and modifying after.sh so it replaces the properly bootstrapped binaries with the stashed, backdoored ones, before reporting "Bootstrapping complete"
<oriansj>true, the score would not be a good measure for trust; only a first approximation of how hard it would be for us to bootstrap that software.
<Googulator>unrelated: anyone knows where the 1152MB size for Fiwix's initrd comes from?
<Googulator>isn't it a ramdisk created within builder-hex0 and passed on to Fiwix using kexec-fiwix?
<matrix_bridge><Andrius Štikonas> Maybe it is a hardcoded limit in fiwix source?
<matrix_bridge><Andrius Štikonas> Googulator: oh but you can't load more source with builder-hex0 anyway
<Googulator>With the kernel config changes needed to make bare metal work properly, I run out of space on the ramdisk. Increasing to 1280MB works on my board, but 1440MB dies when jumping into Fiwix
<Googulator>That's what I'm trying to figure out - where the limit comes from, and what the actual max safe size is
<Googulator>We don't actually use that file write feature right now
<Googulator>The initrd is created in memory, and stays in memory
<oriansj>and if we use too much builds will fail
<Googulator>My guess right now is that if we go too big, eventually we start writing it onto MMIO space
<Googulator>which is why I'm a bit worried about going for 1280MB - it might work on my system, but not on others that have MMIO lower in their address space
<Googulator>Fiwix itself could potentially handle more, since kexec-fiwix's trampoline actually copies the initrd to a much lower address than where builder-hex0 places it
<Googulator>now, if Fiwix had support for taking an ext4 image smaller than the allocated ramdisk space, and extending it to the full size before mounting it and calling init - that would largely avoid this
<Googulator>since then we only need to make the actual ext4 created within builder-hex0's environment large enough to hold the sources we pass on to Fiwix, which can then extend the FS to fit the build artifacts too